Vulnerability details: VCID-nmcd-jnpw-aaaj
Vulnerability ID VCID-nmcd-jnpw-aaaj
Aliases CVE-2024-25629
Summary c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2024-25629
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
https://api.first.org/data/v1/epss?cve=CVE-2024-25629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
2265713 https://bugzilla.redhat.com/show_bug.cgi?id=2265713
cpe:2.3:a:c-ares:c-ares:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:c-ares:c-ares:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629
RHSA-2024:2778 https://access.redhat.com/errata/RHSA-2024:2778
RHSA-2024:2779 https://access.redhat.com/errata/RHSA-2024:2779
RHSA-2024:2780 https://access.redhat.com/errata/RHSA-2024:2780
RHSA-2024:2853 https://access.redhat.com/errata/RHSA-2024:2853
RHSA-2024:2910 https://access.redhat.com/errata/RHSA-2024:2910
RHSA-2024:3842 https://access.redhat.com/errata/RHSA-2024:3842
RHSA-2024:4249 https://access.redhat.com/errata/RHSA-2024:4249
RHSA-2024:4559 https://access.redhat.com/errata/RHSA-2024:4559
RHSA-2024:4721 https://access.redhat.com/errata/RHSA-2024:4721
USN-6676-1 https://usn.ubuntu.com/6676-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
Attack Vector (AV): local | Attack Complexity (AC): low | Privileges Required (PR): high | User Interaction (UI): none | Scope (S): unchanged | Confidentiality Impact (C): none | Integrity Impact (I): none | Availability Impact (A): high

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): local | Attack Complexity (AC): low | Privileges Required (PR): high | User Interaction (UI): none | Scope (S): unchanged | Confidentiality Impact (C): none | Integrity Impact (I): none | Availability Impact (A): high

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-25629
Attack Vector (AV): local | Attack Complexity (AC): low | Privileges Required (PR): low | User Interaction (UI): none | Scope (S): unchanged | Confidentiality Impact (C): none | Integrity Impact (I): none | Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.08727
EPSS Score 0.00035
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:48.245407+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-25629 34.0.0rc4